tests net_join: use private secrets database.

Tests were leaving entries in the secrets database that caused
subsequent test cases to fail.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

3 files changed, 105 insertions, 6 deletions

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index d61f26e1345..e55d807d8a4 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -898,7 +898,10 @@ def secretsdb_self_join(secretsdb, domain,
 
     if len(res) == 1:
         msg["priorSecret"] = [res[0]["secret"][0]]
-        msg["priorWhenChanged"] = [res[0]["whenChanged"][0]]
+        try:
+            msg["priorWhenChanged"] = [res[0]["whenChanged"][0]]
+        except KeyError:
+            pass
 
         try:
             msg["privateKeytab"] = [res[0]["privateKeytab"][0]]
diff --git a/python/samba/tests/net_join.py b/python/samba/tests/net_join.py
new file mode 100644
index 00000000000..daba2d2e3bc
--- /dev/null
+++ b/python/samba/tests/net_join.py
@@ -0,0 +1,65 @@
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Catalyst.Net Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+Confirm that net.join_member works
+"""
+
+import samba.tests
+import os
+from samba.net import Net, LIBNET_JOIN_AUTOMATIC
+from samba.credentials import DONT_USE_KERBEROS
+from samba import NTSTATUSError, ntstatus
+import ctypes
+
+class NetJoinTests(samba.tests.TestCaseInTempDir):
+
+    def setUp(self):
+        super(NetJoinTests, self).setUp()
+        self.domain = os.environ["DOMAIN"]
+        self.server = os.environ["SERVER"]
+        self.lp = self.get_loadparm()
+        self.lp.set("private dir", self.tempdir)
+        self.lp.set("lock dir", self.tempdir)
+        self.lp.set("state directory", self.tempdir)
+
+    def tearDown(self):
+        super(NetJoinTests, self).tearDown()
+
+    def test_net_join(self):
+        netbios_name = "NetJoinTest"
+        machinepass  = "abcdefghij"
+        creds = self.insta_creds(template=self.get_credentials(),
+                                 kerberos_state=DONT_USE_KERBEROS)
+
+        net = Net(creds, self.lp, server=self.server)
+
+        # NOTE WELL: We must not run more than one successful
+        # net.join_member per file (process), as the shared
+        # secrets.ldb handle will be kept between runs.
+        try:
+            (join_password, sid, domain_name) = net.join_member(
+                self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
+                machinepass=machinepass)
+        except NTSTATUSError as e:
+            code = ctypes.c_uint32(e[0]).value
+            if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
+                self.fail("Connection failure")
+            raise
+        os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
+        pass
diff --git a/python/samba/tests/net_join_no_spnego.py b/python/samba/tests/net_join_no_spnego.py
index 4da9c2e3729..09a2856c9b5 100644
--- a/python/samba/tests/net_join_no_spnego.py
+++ b/python/samba/tests/net_join_no_spnego.py
@@ -27,26 +27,28 @@ from samba.credentials import DONT_USE_KERBEROS
 from samba import NTSTATUSError, ntstatus
 import ctypes
 
-class NetJoinNoSpnegoTests(samba.tests.TestCase):
+class NetJoinNoSpnegoTests(samba.tests.TestCaseInTempDir):
 
     def setUp(self):
         super(NetJoinNoSpnegoTests, self).setUp()
-        self.remoteAddress = "/root/ncalrpc_as_system"
         self.domain = os.environ["DOMAIN"]
         self.server = os.environ["SERVER"]
+        self.lp = self.get_loadparm()
+        self.lp.set("private dir", self.tempdir)
+        self.lp.set("lock dir", self.tempdir)
+        self.lp.set("state directory", self.tempdir)
 
     def tearDown(self):
         super(NetJoinNoSpnegoTests, self).tearDown()
 
     def test_net_join_no_spnego(self):
-        lp = self.get_loadparm()
-        lp.set("client use spnego", "no")
+        self.lp.set("client use spnego", "no")
         netbios_name = "NetJoinNoSpnego"
         machinepass  = "abcdefghij"
         creds = self.insta_creds(template=self.get_credentials(),
                                  kerberos_state=DONT_USE_KERBEROS)
 
-        net = Net(creds, lp, server=self.server)
+        net = Net(creds, self.lp, server=self.server)
 
         try:
             (join_password, sid, domain_name) = net.join_member(
@@ -56,4 +58,33 @@ class NetJoinNoSpnegoTests(samba.tests.TestCase):
             code = ctypes.c_uint32(e[0]).value
             if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
                 self.fail("Connection failure")
+            elif code == ntstatus.NT_STATUS_ACCESS_DENIED:
+                return
+            else:
+                raise
+        self.fail("Shoud have rejected NTLMv2 without SPNEGO")
+
+    def test_net_join_no_spnego_ntlmv1(self):
+        self.lp.set("client use spnego", "no")
+        self.lp.set("client ntlmv2 auth", "no")
+        netbios_name = "NetJoinNoSpnego"
+        machinepass  = "abcdefghij"
+        creds = self.insta_creds(template=self.get_credentials(),
+                                 kerberos_state=DONT_USE_KERBEROS)
+
+        net = Net(creds, self.lp, server=self.server)
+
+        # NOTE WELL: We must not run more than one successful
+        # net.join_member per file (process), as the shared
+        # secrets.ldb handle will be kept between runs.
+        try:
+            (join_password, sid, domain_name) = net.join_member(
+                self.domain, netbios_name, LIBNET_JOIN_AUTOMATIC,
+                machinepass=machinepass)
+        except NTSTATUSError as e:
+            code = ctypes.c_uint32(e[0]).value
+            if code == ntstatus.NT_STATUS_CONNECTION_DISCONNECTED:
+                self.fail("Connection failure")
+            raise
+        os.unlink(os.path.join(self.tempdir, "secrets.ldb"))
         pass